Manualshelf

HP-UX Event ManagerAdministrator's Guide

ManualsBrandsHP ManualsSoftwareHP Event Monitoring Service Software
31323334353637383940
Using Event Manager
Monitoring Events
Chapter 240
Using the -A Option to Simplify the Command String introduces using
the evmget command with the -A option, which makes it possible to
retrieve, sort, and display events without building a pipeline.
Depending on the size and type of your system and the number of events
being logged, event retrieval can take a noticeably long time. This is
because each retrieval operation requires every channel's get function to
read through its log files, convert its events to Event Manager events,
and then apply the filter string (if any) to determine whether the event is
passed back to the evmget command. The larger the log files, the longer
this process takes. Careful log file management helps to speed up the
process. If you know that you want to display events that belong to a
particular event channel, you can shorten the process by using the
evmget -C command to display only the specified channel. For example:
# evmget -f '[pri >= 600]' -C evmlog | evmshow | more
In this example, the get function runs only on the evmlog channel. As a
result, the command completes its task quickly. A filter string is specified
to return events that have a priority greater than 600. You can
determine what channels are configured by using the evminfo-lc
command, or by examining the channel configuration file. For more
information about the channel configuration file, see evminfo (1) .
NOTE By default, only the evmlog channel is provided.
Sorting Events Using evmsort
The evmsort command takes a stream of Event Manager events as
input, sorts them into the requested order, and writes them to its stdout
stream. This command enables you to sort the output from the evmget
command, but it can be used to sort Event Manager events from any
source. For more information, see evmsort (1) .
The following example shows a typical command sequence:
# export EVM_SHOW_TEMPLATE="@timestamp [@priority] @@"
# evmget -f '[pri >= 600]' | evmsort | evmshow | more
By default, the evmsort command sorts events in the chronological order,
so the previous command is suitable for most cases. You use the s option
to declare a sort specification if you want the events sorted differently. A
sort specification is a text string that defines one or more sort keys,